ISO 9001:2015

QUALITY MANAGEMENT SYSTEM

ISO 9001 is part of the ISO 9000 series, a family of standards for quality management systems. ISO 9000 is maintained by ISO, the International Organization for Standardization. The rules are updated as requirements motivate changes over time.

Some of the requirements in ISO 9001:2015 include:

  • A set of procedures that cover all key processes in the business;
  • Monitoring processes to ensure they are effective;
  • Keeping adequate records;
  • Checking output for defects, with appropriate and corrective action;
  • Regularly reviewing individual processes and the quality system for effectiveness;
  • Facilitating continual improvement.

It is widely acknowledged that proper quality management improves business, often having a positive effect on investment, market share, sales growth, sales margins, competitive advantage, and avoidance of litigation. ISO 9000 guidelines provide a comprehensive model for quality management systems that can make any company competitive. A survey also indicated that ISO 9000 increased net profit. According to the Providence Business News, implementing ISO often gives the following advantages:

  1. Create a more efficient, effective operation
  2. Increase customer satisfaction and retention
  3. Reduce audits
  4. Enhance marketing
  5. Improve employee motivation, awareness, and morale
  6. Promote international trade
  7. Increase profit
  8. Reduce waste and increase productivity.

ISO 14001:2015

The ISO 14001 environmental management standard provides guidance to help organizations minimize how their operations negatively affect the environment (i.e. cause adverse changes to air, water, or land); comply with applicable laws, regulations, and other environmentally oriented requirements; and continually improve the environmental management system. ISO 14001 is part of the ISO 14000 family of standards.

ISO 14001 is similar to ISO 9001 quality management in that both pertain to the process of how a product is produced, rather than to the product itself. As with ISO 9001, certification is performed by third-party organizations rather than being awarded by ISO directly. The ISO 19011 audit standard applies when auditing for both 9001 and 14001 compliance at once.

ISO 14001:2015 can be implemented by any kind of organization, regardless of size, type and nature, and applies to the environmental aspects of its activities, products and services that the organization determines it can either control or influence, considering a life cycle perspective.

ISO 14001:2015 does not state specific environmental performance criteria.

ISO 14001:2015 can be used in whole or in part to systematically improve environmental management. Claims of conformity to ISO 14001:2015, however, are not acceptable unless all its requirements are incorporated into an organization’s environmental management system and fulfilled without exclusion.

The standard is not an environmental management system as such and therefore does not dictate absolute environmental performance requirements, but serves instead as a framework to assist organisations in developing their own environmental management system. ISO 14001 can be integrated with other management functions and assists companies in meeting their environmental and economic goals.

The standard can be applied at a variety of levels in the business, from the organisational level right down to the product and service level. Rather than focusing on exact measures and goals of environmental performance, the standard highlights what an organisation needs to do to meet these goals. Success of the system is very dependent on commitment from all levels of the organisation, especially top management, who need to be actively involved in the development, implementation and maintenance of the environmental management system.

ISO 14001:2015 helps an organization achieve the intended outcomes of its environmental management system, which provide value for the environment, the organization itself and interested parties. Consistent with the organization’s environmental policy, the intended outcomes of an environmental management system include:

  • enhancement of environmental performance;
  • fulfillment of compliance obligations;
  • achievement of environmental objectives.

Organisations can significantly benefit from EMS implementation through the identification of large cleaner production projects (e.g. which can drastically cut electricity costs in manufacturing industries). ISO 14001 can be a very effective tool to identify these cost-saving opportunities for some organisations. Other organisations can falter through poor planning, lack of senior management commitment and poor understanding of how it should be implemented, and find themselves managing an ineffective EMS. Improvements that organisations can make include adequately planning its structure and allocating adequate resources, providing training, creating forums for discussion, setting measurable targets and working according to the philosophy of continuous improvement.

ISO 45001:2018

ISO 45001 builds on the success of earlier international standards in this area such as OHSAS 18001, the International Labour Organization’s ILO-OSH Guidelines, various national standards and the ILO’s international labour standards and conventions. Health and safety in the workplace are the number one concern of most businesses, yet still deaths and injuries occur.

ISO 45001 sets the minimum standard of practice to protect employees worldwide.

The ISO 45001 specification is applicable to any organisation that wishes to:

 Establish an OH&S management system to eliminate or minimize risk to employees and other interested parties who may be exposed to OH&S risks associated with its activities

  1. Reduction of workplace incidents
  2. Reduced absenteeism and staff turnover
  3. Assure itself of its conformance with its stated OH&S policy
  4. Ability to meet legal and regulatory requirements
  5. Enhanced reputation
  6. Improved staff morale

 Demonstrate such conformance to others

  • leading to increased productivity
  • Reduced cost of insurance premiums

 Implement, maintain and continually improve an OH&S management system

  • Creation of a health and safety culture, whereby employees are encouraged to take an active role in their own OH&S

  • Reinforced leadership commitment to proactively improve OH&S performance

 Make a self-determination and declaration of conformance with this OH&S specification.

 Seek certification/registration of its OH&S management system by an external organization

Who is ISO 45001 for?

ISO 45001 is applicable to all organizations, regardless of size, industry or nature of business. It is designed to be integrated into an organization’s existing management processes and follows the same high-level structure as other ISO management system standards, such as ISO 9001 (quality management) and ISO 14001 (environmental management).

ISO 45001 enables organizations to put in place an occupational health and safety (OH&S) management system. This will help them manage their OH&S risks and improve their OH&S performance by developing and implementing effective policies and objectives.

ISO/IEC 27001:2022

INFORMATION SECURITY MANAGEMENT SYSTEM

ISO/IEC 27001:2022 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001:2022 are generic and are intended to be applicable to all organizations, regardless of type, size or nature. The ISO/IEC 27000:2022 Standard provides a framework for an effective Information Security Management System (ISMS). It sets out the policies and procedures necessary to protect an organization or company, including all the risk controls (legal, physical and technical) necessary for strong IT security management.

ISO 22000:2018

FOOD SAFETY MANAGEMENT SYSTEM

Whatever their size, or product, all food producers have a responsibility to manage the safety of their products and the well-being of their consumers. That’s why ISO 22000 exists.

The consequences of unsafe food can be serious. ISO’s food safety management standards help organizations identify and control food safety hazards, at the same time as working together with other ISO management standards, such as ISO 9001. Applicable to all types of producer, ISO 22000 provides a layer of reassurance within the global food supply chain, helping products cross borders and bringing people food that they can trust.

ISO/IEC 37001:2016

ANTI-BRIBERY MANAGEMENT SYSTEMS

ISO 37001:2016 specifies requirements and provides guidance for establishing, implementing, maintaining, reviewing and improving an anti-bribery management system. The system can be stand-alone or can be integrated into an overall management system. It is useful if a Quality Management System has first been established in the organization.

ISO 37001:2016 addresses the following in relation to the organization’s activities:

  • bribery in the public, private and not-for-profit sectors;
  • bribery by the organization;
  • bribery by the organization’s personnel acting on the organization’s behalf or for its benefit;
  • bribery by the organization’s business associates acting on the organization’s behalf or for its benefit;
  • bribery of the organization;
  • bribery of the organization’s personnel in relation to the organization’s activities;
  • bribery of the organization’s business associates in relation to the organization’s activities;
  • direct and indirect bribery (e.g. a bribe offered or accepted through or by a third party).

ISO 37001:2016 is applicable only to bribery. It sets out requirements and provides guidance for a management system designed to help an organization to prevent, detect and respond to bribery and comply with anti-bribery laws and voluntary commitments applicable to its activities.

ISO 13485:2016

Medical devices — Quality management systems — Requirements for regulatory purposes

ISO 13485:2016 specifies requirements for a quality management system where an organization needs to demonstrate its ability to provide medical devices and related services that consistently meet customer and applicable regulatory requirements.

ISO 13485:2016 can also be used by suppliers or external parties that provide product, including quality management system-related services to such organizations.

The processes required by ISO 13485:2016 that are applicable to the organization, but are not performed by the organization, are the responsibility of the organization and are accounted for in the organization’s quality management system by monitoring, maintaining, and controlling the processes.

ISO/IEC 20000-1:2018

Information technology — Service management

This standard specifies requirements for an organization to establish, implement, maintain and continually improve a service management system (SMS). It includes the planning, design, transition, delivery and improvement of services to meet the service requirements and deliver value. This document can be used by:

  1. a customer seeking services and requiring assurance regarding the quality of those services; requiring a consistent approach to the service lifecycle by all its service providers, including those in a supply chain;
  2. an organization to demonstrate its capability for the planning, design, transition, delivery and improvement of services; to monitor, measure and review its SMS and the services; to improve the planning, design, transition, delivery and improvement of services through effective implementation and operation of an SMS;
  3. an organization or other party performing conformity assessments against the requirements specified in this document;
  4. a provider of training or advice in service management.

The term “service” as used in this document refers to the service or services in the scope of the SMS. The term “organization” as used in this document refers to the organization in the scope of the SMS that manages and delivers services to customers. The organization in the scope of the SMS can be part of a larger organization, for example, a department of a large corporation. An organization or part of an organization that manages and delivers a service or services to internal or external customers can also be known as a service provider. Any use of the terms “service” or “organization” with a different intent is distinguished clearly in this document.